[rsyslog] Only log from network devices to database
Rainer Gerhards
rgerhards at hq.adiscon.com
Tue Jan 12 17:37:09 CET 2010
The config does not look obviously wrong to me (but I am bad at catching
errors...). A good suggestion is to write a debug log; it will tell you in
detail what happened during the filter evaluation.
Rainer
> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Sepperlot
> Sent: Tuesday, January 12, 2010 4:17 PM
> To: rsyslog at lists.adiscon.com
> Subject: [rsyslog] Only log from network devices to database
>
> Hello.
>
> I'm trying to log messages from various network devices to rsyslog and
> write them into a database.
> Therefore I use a setup as described in
> http://www.rsyslog.com/doc-rsyslog_mysql.html
>
> My (simple) rsyslog.conf contains the following:
>
> $ModLoad imudp
> $UDPServerAddress x.x.x.x
> $UDPServerRun 1514 # standard port is used by syslog-ng
>
> $ModLoad ommysql
> *.* :ommysql:localhost,DBNAME,DBUSER,DBPASS
>
>
> This writes all arriving log messages to the database and I can watch
> them with phplogcon. Up to here everything is ok and works.
>
> Now I only want to log messages from specific network devices identified
> by IP address, but I'm totally lost when it comes to combining filter
> conditions and actions. I've tried
>
> :fromhost-ip, isequal "IP.IP.IP.IP" \
> :ommysql:localhost,DBNAME,DBUSER,DBPASS
>
> *.* :fromhost-ip, isequal "IP.IP.IP.IP" \
> :ommysql:localhost,DBNAME,DBUSER,DBPASS
>
> but obviously this is BS ;)
> Goal is to log only network devices and maybe later log different
> devices to different databases.
>
> The backslash is added by me only in this mail. The commands are all in
> one line.
>
> Any help is appreciated.
>
> Best regards
> Sebastian
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
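An added example, not part of either message and not taken from the rsyslog project: a legacy-format rsyslog.conf that writes only selected senders to MySQL, using rsyslog's documented filter forms. The 192.0.2.x addresses and the OTHERDB database name are constructed placeholders; DBNAME, DBUSER and DBPASS are the placeholders from the original post.

```conf
# Added example; addresses (192.0.2.0/24 documentation range) and OTHERDB
# are constructed placeholders, not values from the thread.

$ModLoad imudp
$UDPServerAddress 192.0.2.1   # listen address must be set before $UDPServerRun
$UDPServerRun 1514

$ModLoad ommysql

# Property-based filter, one line per rule:
#   :property, compare-operation, "value" action
# Commas separate all three fields, including the one after the operation.
:fromhost-ip, isequal, "192.0.2.10" :ommysql:localhost,DBNAME,DBUSER,DBPASS

# A different device written to a different database.
:fromhost-ip, isequal, "192.0.2.11" :ommysql:localhost,OTHERDB,DBUSER,DBPASS

# Expression-based filter, for several devices sharing one action.
if $fromhost-ip == '192.0.2.12' or $fromhost-ip == '192.0.2.13' then :ommysql:localhost,DBNAME,DBUSER,DBPASS

# There is no "*.*" rule with the ommysql action, so messages from any
# other sender are not written to the database.

# Checking the result:
#   rsyslogd -N1 -f /path/to/rsyslog.conf   # parse the config only, report errors
#   rsyslogd -dn                            # run in the foreground with debug output
```

UDP syslog carries no sender authentication, so `fromhost-ip` reflects only the source address of the received packet; restricting who can reach port 1514 at the network layer is what keeps other hosts from writing into the database under a listed address.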